RubyGems - arachni - Versions diffs - 1.1 → 1.2 - Mend

arachni 1.1 → 1.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (287) hide show

checksums.yaml +4 -4
data/CHANGELOG.md +159 -0
data/LICENSE.md +126 -196
data/README.md +32 -24
data/arachni.gemspec +7 -7
data/components/checks/active/code_injection_timing.rb +3 -3
data/components/checks/active/csrf.rb +2 -2
data/components/checks/active/file_inclusion.rb +6 -7
data/components/checks/active/os_cmd_injection.rb +3 -3
data/components/checks/active/path_traversal.rb +7 -7
data/components/checks/active/response_splitting.rb +9 -4
data/components/checks/active/session_fixation.rb +7 -3
data/components/checks/active/source_code_disclosure.rb +5 -5
data/components/checks/active/unvalidated_redirect.rb +12 -3
data/components/checks/active/unvalidated_redirect_dom.rb +3 -3
data/components/checks/active/xss.rb +23 -10
data/components/checks/active/xss_dom_inputs.rb +113 -11
data/components/checks/active/xxe.rb +3 -3
data/components/checks/passive/backdoors.rb +6 -5
data/components/checks/passive/backup_directories.rb +6 -6
data/components/checks/passive/backup_files.rb +6 -6
data/components/checks/passive/common_admin_interfaces.rb +58 -0
data/components/checks/passive/common_admin_interfaces/admin-panels.txt +49 -0
data/components/checks/passive/common_directories/directories.txt +0 -16
data/components/checks/passive/common_files.rb +6 -5
data/components/checks/passive/common_files/filenames.txt +0 -2
data/components/checks/passive/directory_listing.rb +6 -6
data/components/checks/passive/grep/cookie_set_for_parent_domain.rb +3 -3
data/components/checks/passive/grep/hsts.rb +6 -3
data/components/checks/passive/grep/http_only_cookies.rb +3 -3
data/components/checks/passive/grep/insecure_cookies.rb +2 -2
data/components/checks/passive/grep/insecure_cors_policy.rb +6 -4
data/components/checks/passive/grep/x_frame_options.rb +6 -4
data/components/checks/passive/htaccess_limit.rb +6 -2
data/components/checks/passive/http_put.rb +8 -4
data/components/checks/passive/interesting_responses.rb +3 -2
data/components/checks/passive/localstart_asp.rb +6 -2
data/components/checks/passive/origin_spoof_access_restriction_bypass.rb +5 -1
data/components/checks/passive/xst.rb +6 -2
data/components/fingerprinters/frameworks/aspx_mvc.rb +43 -0
data/components/fingerprinters/frameworks/cakephp.rb +28 -0
data/components/fingerprinters/frameworks/cherrypy.rb +31 -0
data/components/fingerprinters/frameworks/django.rb +33 -0
data/components/fingerprinters/frameworks/jsf.rb +30 -0
data/components/fingerprinters/frameworks/rack.rb +5 -7
data/components/fingerprinters/frameworks/rails.rb +43 -0
data/components/fingerprinters/languages/aspx.rb +11 -11
data/components/fingerprinters/languages/{jsp.rb → java.rb} +11 -7
data/components/fingerprinters/languages/php.rb +6 -6
data/components/fingerprinters/languages/python.rb +14 -6
data/components/fingerprinters/languages/ruby.rb +3 -5
data/components/fingerprinters/servers/apache.rb +5 -4
data/components/fingerprinters/servers/gunicorn.rb +33 -0
data/components/fingerprinters/servers/jetty.rb +1 -1
data/components/fingerprinters/servers/tomcat.rb +11 -4
data/components/path_extractors/anchors.rb +5 -12
data/components/path_extractors/areas.rb +5 -13
data/components/path_extractors/comments.rb +5 -3
data/components/path_extractors/data_url.rb +21 -0
data/components/path_extractors/forms.rb +5 -13
data/components/path_extractors/frames.rb +6 -13
data/components/path_extractors/generic.rb +3 -12
data/components/path_extractors/links.rb +5 -13
data/components/path_extractors/meta_refresh.rb +5 -13
data/components/path_extractors/scripts.rb +8 -14
data/components/plugins/autologin.rb +17 -5
data/components/plugins/defaults/meta/remedies/discovery.rb +11 -29
data/components/plugins/login_script.rb +40 -10
data/components/plugins/metrics.rb +235 -0
data/components/plugins/proxy.rb +21 -4
data/components/plugins/proxy/panel/page_accordion.html.erb +34 -2
data/components/plugins/restrict_to_dom_state.rb +70 -0
data/components/plugins/vector_feed.rb +38 -9
data/components/reporters/plugin_formatters/html/metrics.rb +290 -0
data/components/reporters/plugin_formatters/stdout/metrics.rb +80 -0
data/components/reporters/plugin_formatters/xml/metrics.rb +29 -0
data/components/reporters/stdout.rb +4 -2
data/components/reporters/xml.rb +4 -4
data/components/reporters/xml/schema.xsd +95 -0
data/lib/arachni.rb +2 -0
data/lib/arachni/browser.rb +132 -77
data/lib/arachni/browser/javascript.rb +173 -45
data/lib/arachni/browser/javascript/scripts/dom_monitor.js +81 -6
data/lib/arachni/browser/javascript/scripts/taint_tracer.js +31 -3
data/lib/arachni/browser_cluster.rb +41 -15
data/lib/arachni/browser_cluster/job.rb +4 -0
data/lib/arachni/browser_cluster/jobs/resource_exploration.rb +0 -9
data/lib/arachni/browser_cluster/worker.rb +8 -5
data/lib/arachni/check/auditor.rb +20 -8
data/lib/arachni/check/base.rb +38 -6
data/lib/arachni/element/base.rb +18 -1
data/lib/arachni/element/capabilities/analyzable/differential.rb +0 -1
data/lib/arachni/element/capabilities/analyzable/taint.rb +40 -10
data/lib/arachni/element/capabilities/analyzable/timeout.rb +27 -23
data/lib/arachni/element/capabilities/auditable/dom.rb +22 -0
data/lib/arachni/element/capabilities/inputtable.rb +6 -2
data/lib/arachni/element/capabilities/submittable.rb +1 -1
data/lib/arachni/element/cookie.rb +37 -23
data/lib/arachni/element/cookie/capabilities/mutable.rb +6 -6
data/lib/arachni/element/cookie/dom.rb +0 -8
data/lib/arachni/element/form.rb +28 -14
data/lib/arachni/element/form/capabilities/auditable.rb +2 -2
data/lib/arachni/element/form/capabilities/mutable.rb +5 -5
data/lib/arachni/element/form/dom.rb +0 -8
data/lib/arachni/element/generic_dom.rb +1 -1
data/lib/arachni/element/json.rb +2 -1
data/lib/arachni/element/json/capabilities/inputtable.rb +6 -6
data/lib/arachni/element/json/capabilities/mutable.rb +1 -1
data/lib/arachni/element/link.rb +13 -16
data/lib/arachni/element/link/dom.rb +1 -14
data/lib/arachni/element/link_template.rb +3 -2
data/lib/arachni/element/link_template/dom.rb +0 -16
data/lib/arachni/element/server.rb +51 -9
data/lib/arachni/element/xml.rb +1 -0
data/lib/arachni/ethon/easy.rb +4 -1
data/lib/arachni/framework/parts/audit.rb +26 -77
data/lib/arachni/framework/parts/browser.rb +50 -55
data/lib/arachni/framework/parts/check.rb +4 -3
data/lib/arachni/framework/parts/data.rb +41 -6
data/lib/arachni/framework/parts/state.rb +16 -7
data/lib/arachni/http/client.rb +66 -38
data/lib/arachni/http/client/dynamic_404_handler.rb +46 -14
data/lib/arachni/http/headers.rb +22 -10
data/lib/arachni/http/proxy_server.rb +67 -22
data/lib/arachni/http/proxy_server/ssl-interceptor-cacert.pem +34 -0
data/lib/arachni/http/proxy_server/ssl-interceptor-cakey.pem +51 -0
data/lib/arachni/http/request.rb +71 -18
data/lib/arachni/issue.rb +17 -3
data/lib/arachni/option_groups/browser_cluster.rb +34 -1
data/lib/arachni/option_groups/http.rb +1 -1
data/lib/arachni/page.rb +26 -13
data/lib/arachni/page/dom/transition.rb +2 -2
data/lib/arachni/parser.rb +28 -11
data/lib/arachni/platform/fingerprinter.rb +5 -0
data/lib/arachni/platform/manager.rb +65 -32
data/lib/arachni/plugin/base.rb +8 -0
data/lib/arachni/processes/instances.rb +25 -11
data/lib/arachni/reporter/manager.rb +2 -2
data/lib/arachni/rpc/client/instance.rb +4 -0
data/lib/arachni/rpc/server/framework/master.rb +3 -3
data/lib/arachni/rpc/server/framework/multi_instance.rb +0 -8
data/lib/arachni/rpc/server/instance.rb +2 -1
data/lib/arachni/ruby/array.rb +5 -0
data/lib/arachni/ruby/hash.rb +5 -0
data/lib/arachni/ruby/string.rb +2 -3
data/lib/arachni/session.rb +32 -6
data/lib/arachni/state/framework.rb +6 -2
data/lib/arachni/support/cache.rb +1 -0
data/lib/arachni/support/cache/base.rb +12 -8
data/lib/arachni/support/cache/least_recently_pushed.rb +29 -0
data/lib/arachni/support/cache/least_recently_used.rb +5 -8
data/lib/arachni/support/cache/preference.rb +1 -1
data/lib/arachni/support/cache/random_replacement.rb +1 -25
data/lib/arachni/support/database/queue.rb +21 -8
data/lib/arachni/support/lookup/base.rb +7 -1
data/lib/arachni/support/mixins/observable.rb +3 -1
data/lib/arachni/support/profiler.rb +51 -10
data/lib/arachni/support/signature.rb +11 -2
data/lib/arachni/trainer.rb +8 -2
data/lib/arachni/uri.rb +28 -25
data/lib/arachni/uri/scope.rb +1 -1
data/lib/arachni/utilities.rb +8 -0
data/lib/arachni/watir/element.rb +1 -1
data/lib/version +1 -1
data/spec/arachni/browser/javascript/dom_monitor_spec.rb +388 -53
data/spec/arachni/browser/javascript/taint_tracer_spec.rb +41 -0
data/spec/arachni/browser/javascript_spec.rb +235 -61
data/spec/arachni/browser_cluster/jobs/resource_exploration_spec.rb +0 -9
data/spec/arachni/browser_cluster_spec.rb +58 -10
data/spec/arachni/browser_spec.rb +170 -26
data/spec/arachni/check/auditor_spec.rb +22 -3
data/spec/arachni/check/base_spec.rb +84 -0
data/spec/arachni/element/body_spec.rb +1 -1
data/spec/arachni/element/capabilities/analyzable/taint_spec.rb +3 -3
data/spec/arachni/element/capabilities/analyzable/timeout_spec.rb +1 -1
data/spec/arachni/element/cookie/dom_spec.rb +0 -9
data/spec/arachni/element/cookie_spec.rb +85 -0
data/spec/arachni/element/form/dom_spec.rb +0 -9
data/spec/arachni/element/form_spec.rb +46 -3
data/spec/arachni/element/json_spec.rb +20 -0
data/spec/arachni/element/link/dom_spec.rb +0 -9
data/spec/arachni/element/link_spec.rb +40 -15
data/spec/arachni/element/link_template/dom_spec.rb +0 -8
data/spec/arachni/element/link_template_spec.rb +2 -6
data/spec/arachni/element/server_spec.rb +94 -8
data/spec/arachni/element/xml_spec.rb +20 -0
data/spec/arachni/framework/parts/audit_spec.rb +12 -14
data/spec/arachni/framework/parts/browser_spec.rb +0 -171
data/spec/arachni/framework/parts/platform_spec.rb +14 -8
data/spec/arachni/framework/parts/report_spec.rb +1 -1
data/spec/arachni/framework/parts/state_spec.rb +0 -9
data/spec/arachni/http/client/dynamic_404_handlers_spec.rb +19 -0
data/spec/arachni/http/client_spec.rb +169 -42
data/spec/arachni/http/headers_spec.rb +18 -0
data/spec/arachni/http/request_spec.rb +23 -0
data/spec/arachni/issue_spec.rb +17 -6
data/spec/arachni/page_spec.rb +22 -2
data/spec/arachni/parser_spec.rb +5 -0
data/spec/arachni/platform/manager_spec.rb +57 -25
data/spec/arachni/reporter/manager_spec.rb +26 -0
data/spec/arachni/rpc/server/active_options_spec.rb +9 -4
data/spec/arachni/state/framework_spec.rb +2 -8
data/spec/arachni/support/cache/least_recently_pushed_spec.rb +90 -0
data/spec/arachni/support/cache/least_recently_used_spec.rb +5 -13
data/spec/arachni/support/database/queue_spec.rb +7 -0
data/spec/arachni/support/mixins/observable_spec.rb +15 -1
data/spec/arachni/trainer_spec.rb +2 -2
data/spec/components/checks/active/code_injection_timing_spec.rb +1 -1
data/spec/components/checks/active/file_inclusion_spec.rb +6 -6
data/spec/components/checks/active/path_traversal_spec.rb +2 -2
data/spec/components/checks/active/source_code_disclosure_spec.rb +2 -2
data/spec/components/checks/active/unvalidated_redirect_spec.rb +6 -6
data/spec/components/checks/active/xss_dom_inputs_spec.rb +3 -5
data/spec/components/checks/active/xss_dom_script_context_spec.rb +1 -1
data/spec/components/checks/active/xss_spec.rb +5 -5
data/spec/components/checks/passive/common_admin_interfaces_spec.rb +15 -0
data/spec/components/checks/passive/interesting_responses_spec.rb +14 -1
data/spec/components/fingerprinters/frameworks/aspx_mvc_spec.rb +31 -0
data/spec/components/fingerprinters/frameworks/cakephp_spec.rb +22 -0
data/spec/components/fingerprinters/frameworks/cherrypy_spec.rb +28 -0
data/spec/components/fingerprinters/frameworks/django_spec.rb +37 -0
data/spec/components/fingerprinters/frameworks/jsf_spec.rb +27 -0
data/spec/components/fingerprinters/frameworks/rack_spec.rb +11 -14
data/spec/components/fingerprinters/frameworks/rails_spec.rb +53 -0
data/spec/components/fingerprinters/languages/asp_spec.rb +7 -9
data/spec/components/fingerprinters/languages/aspx_spec.rb +10 -24
data/spec/components/fingerprinters/languages/java_spec.rb +88 -0
data/spec/components/fingerprinters/languages/php_spec.rb +19 -12
data/spec/components/fingerprinters/languages/python_spec.rb +22 -9
data/spec/components/fingerprinters/languages/ruby.rb +6 -4
data/spec/components/fingerprinters/os/bsd_spec.rb +6 -4
data/spec/components/fingerprinters/os/linux_spec.rb +6 -4
data/spec/components/fingerprinters/os/solaris_spec.rb +6 -4
data/spec/components/fingerprinters/os/unix_spec.rb +6 -4
data/spec/components/fingerprinters/os/windows_spec.rb +6 -4
data/spec/components/fingerprinters/servers/apache_spec.rb +15 -4
data/spec/components/fingerprinters/servers/gunicorn_spec.rb +28 -0
data/spec/components/fingerprinters/servers/iis_spec.rb +6 -6
data/spec/components/fingerprinters/servers/jetty_spec.rb +6 -6
data/spec/components/fingerprinters/servers/nginx_spec.rb +6 -4
data/spec/components/fingerprinters/servers/tomcat_spec.rb +15 -6
data/spec/components/path_extractors/data_url_spec.rb +19 -0
data/spec/components/plugins/autologin_spec.rb +23 -0
data/spec/components/plugins/login_script_spec.rb +112 -24
data/spec/components/plugins/restrict_to_dom_state_spec.rb +16 -0
data/spec/components/plugins/vector_feed_spec.rb +39 -1
data/spec/support/factories/page/dom.rb +9 -4
data/spec/support/factories/page/dom/transition.rb +31 -9
data/spec/support/factories/scan_report.rb +8 -6
data/spec/support/fixtures/empty/placeholder +0 -0
data/spec/support/fixtures/report.afr +0 -0
data/spec/support/fixtures/reporters/manager_spec/error.rb +18 -0
data/spec/support/servers/arachni/browser.rb +117 -11
data/spec/support/servers/arachni/browser/javascript/dom_monitor.rb +148 -4
data/spec/support/servers/arachni/check/auditor.rb +4 -0
data/spec/support/servers/arachni/element/cookie/cookie_dom.rb +1 -1
data/spec/support/servers/arachni/http/client.rb +5 -0
data/spec/support/servers/arachni/http/client/dynamic_404_handler.rb +13 -0
data/spec/support/servers/checks/active/code_injection_timing.rb +1 -1
data/spec/support/servers/checks/active/file_inclusion.rb +2 -2
data/spec/support/servers/checks/active/path_traversal.rb +2 -2
data/spec/support/servers/checks/active/source_code_disclosure.rb +40 -33
data/spec/support/servers/checks/active/trainer_check.rb +9 -10
data/spec/support/servers/checks/active/unvalidated_redirect_dom.rb +7 -4
data/spec/support/servers/checks/active/xss.rb +35 -0
data/spec/support/servers/checks/active/xss_dom.rb +1 -1
data/spec/support/servers/checks/active/xss_dom_inputs.rb +24 -0
data/spec/support/servers/checks/active/xss_dom_script_context.rb +1 -1
data/spec/support/servers/checks/passive/common_admin_interfaces.rb +6 -0
data/spec/support/servers/plugins/autologin.rb +9 -0
data/spec/support/servers/plugins/restrict_to_dom_state.rb +4 -0
data/spec/support/shared/element/base.rb +42 -0
data/spec/support/shared/element/capabilities/auditable.rb +4 -4
data/spec/support/shared/element/capabilities/auditable/dom.rb +26 -0
data/spec/support/shared/element/capabilities/inputtable.rb +16 -11
data/spec/support/shared/element/capabilities/submitable.rb +7 -2
data/spec/support/shared/fingerprinter.rb +8 -0
data/spec/support/shared/path_extractor.rb +1 -1
data/ui/cli/framework.rb +3 -3
data/ui/cli/framework/option_parser.rb +9 -0
data/ui/cli/output.rb +9 -0
data/ui/cli/reporter.rb +5 -2
data/ui/cli/utilities.rb +4 -2
metadata +76 -17
data/lib/arachni/http/proxy_server/ssl-interceptor-cert.pem +0 -34
data/lib/arachni/http/proxy_server/ssl-interceptor-pkey.pem +0 -51
data/spec/components/fingerprinters/languages/jsp_spec.rb +0 -56

data/lib/arachni/element/generic_dom.rb CHANGED

@@ -74,7 +74,7 @@ class GenericDOM < Base
     def value
         transition.options[:value]
     end
-    alias :affected_input_value value
+    alias :affected_input_value :value
     # @return   [Hash]
     def to_h

data/lib/arachni/element/json.rb CHANGED

@@ -44,7 +44,7 @@ class JSON < Base
         self.inputs = (self.inputs || {}).merge( options[:inputs] || {} )
         if @source && self.inputs.empty?
-            self.inputs = JSON.load( self.source )
+            self.inputs = ::JSON.load( self.source )
         end
         @default_inputs = self.inputs.dup.freeze
@@ -104,6 +104,7 @@ class JSON < Base
         # @return   [JSON, nil]
         def from_request( url, request )
             return if !request.body.is_a?( String ) || request.body.empty?
+            return if too_big?( request.body )
             data =  begin
                 ::JSON.load( request.body )

data/lib/arachni/element/json/capabilities/inputtable.rb CHANGED

@@ -45,7 +45,7 @@ module Inputtable
     #
     # @return   [Object]
     #
-    # @see  Capabilities::Inputtable#[]
+    # @see  Arachni::Element::Capabilities::Inputtable#[]
     def []( name )
         key, data = find( name )
         data[key]
@@ -65,7 +65,7 @@ module Inputtable
     # @return   [Object]
     #   `value`
     #
-    # @see  Capabilities::Inputtable#[]=
+    # @see  Arachni::Element::Capabilities::Inputtable#[]=
     def []=( name, value )
         @inputs = @inputs.dup
         key, data = find( name )
@@ -80,11 +80,11 @@ module Inputtable
     # Overrides {Capabilities::Inputtable#update} to allow for non-string data
     # of variable depth.
     #
-    # @param    (see Capabilities::Inputtable#update)
-    # @return   (see Capabilities::Inputtable#update)
-    # @raise    (see Capabilities::Inputtable#update)
+    # @param    (see Arachni::Element::Capabilities::Inputtable#update)
+    # @return   (see Arachni::Element::Capabilities::Inputtable#update)
+    # @raise    (see Arachni::Element::Capabilities::Inputtable#update)
     #
-    # @see  Capabilities::Inputtable#update
+    # @see  Arachni::Element::Capabilities::Inputtable#update
     def update( hash )
         traverse_data hash do |path, value|
             self[path] = value

data/lib/arachni/element/json/capabilities/mutable.rb CHANGED

@@ -26,7 +26,7 @@ module Mutable
     #   If the `name` is an `Array`, it will be treated as a path to the location
     #   of the input.
     #
-    # @see  Capabilities::Mutable#affected_input_name=
+    # @see  Arachni::Element::Capabilities::Mutable#affected_input_name=
     def affected_input_name=( name )
         if name.is_a?( Array ) && name.size == 1
             name = name.first

data/lib/arachni/element/link.rb CHANGED

@@ -55,19 +55,11 @@ class Link < Base
     def to_s
         uri = uri_parse( self.action ).dup
         uri.query = self.inputs.
-            map { |k, v| "#{encode_query_params(k)}=#{encode_query_params(v)}" }.
+            map { |k, v| "#{encode(k)}=#{encode(v)}" }.
             join( '&' )
         uri.to_s
     end
-    # @param   (see .encode_query_params)
-    # @return  (see .encode_query_params)
-    #
-    # @see .encode_query_params
-    def encode_query_params( *args )
-        self.class.encode_query_params( *args )
-    end
     # @param   (see .encode)
     # @return  (see .encode)
     #
@@ -114,7 +106,14 @@ class Link < Base
         #
         # @return   [Array<Link>]
         def from_document( url, document )
-            document = Nokogiri::HTML( document.to_s ) if !document.is_a?( Nokogiri::HTML::Document )
+            if !document.is_a?( Nokogiri::HTML::Document )
+                document = document.to_s
+                return [] if !(document =~ /\?.*=/)
+                document = Nokogiri::HTML( document )
+            end
             base_url =  begin
                 document.search( '//base[@href]' )[0]['href']
             rescue
@@ -122,6 +121,8 @@ class Link < Base
             end
             document.search( '//a' ).map do |link|
+                next if too_big?( link['href'] )
                 href = to_absolute( link['href'], base_url )
                 next if !href
@@ -137,12 +138,8 @@ class Link < Base
             end.compact
         end
-        def encode_query_params( param )
-            encode( encode( param.recode ), '=' )
-        end
-        def encode( *args )
-            ::URI.encode( *args )
+        def encode( string )
+            Arachni::HTTP::Request.encode string
         end
         def decode( *args )

data/lib/arachni/element/link/dom.rb CHANGED

@@ -57,7 +57,7 @@ class DOM < Base
     #   URL including the DOM {#inputs}.
     def to_s
         "#{@action}##{fragment_path}?" << inputs.
-            map { |k, v| "#{encode_query_params(k)}=#{encode_query_params(v)}" }.
+            map { |k, v| "#{encode(k)}=#{encode(v)}" }.
             join( '&' )
     end
@@ -65,22 +65,9 @@ class DOM < Base
         "#{@action}##{fragment}"
     end
-    def encode_query_params( *args )
-        Link.encode_query_params( *args )
-    end
-    def encode( *args )
-        Link.encode( *args )
-    end
-    def decode( *args )
-        Link.decode( *args )
-    end
     def type
         self.class.type
     end
     def self.type
         :link_dom
     end

data/lib/arachni/element/link_template.rb CHANGED

@@ -170,6 +170,7 @@ class LinkTemplate < Base
             end
             document.search( '//a' ).map do |link|
+                next if too_big?( link['href'] )
                 next if !(href = to_absolute( link['href'], base_url ))
                 template, inputs = extract_inputs( href, templates )
@@ -212,11 +213,11 @@ class LinkTemplate < Base
         end
         def encode( string )
-            URI.encode( URI.encode( URI.encode( string.to_s, ';' ) ), '/' )
+            Link.encode string
         end
         def decode( *args )
-            URI.decode( *args )
+            Link.decode( *args )
         end
         def type

data/lib/arachni/element/link_template/dom.rb CHANGED

@@ -68,22 +68,6 @@ class DOM < Base
         LinkTemplate.extract_inputs( url, templates )
     end
-    def encode( string )
-        self.class.encode( string )
-    end
-    def self.encode( string )
-        string
-    end
-    def decode( *args )
-        self.class.decode( *args )
-    end
-    def self.decode( *args )
-        Link.decode( *args )
-    end
     def type
         self.class.type
     end

data/lib/arachni/element/server.rb CHANGED

@@ -16,14 +16,27 @@ module Arachni::Element
 class Server < Base
     include Capabilities::WithAuditor
-    # Used to determine how different a resource should be in order to be sent
-    # to the {Trainer#push}.
+    # Valid responses to discovery checks should vary *wildly*, especially when
+    # considering the types of directories and files that these checks look for.
     #
-    # Ideally, all identified resources should be analyzed by the {Trainer} but
-    # there can be cases where unreliable custom-4o4 signatures lead to FPs and
-    # feeding FPs to the system can create an infinite loop.
+    # On the other hand, custom-404 or such responses will have many things in
+    # common which makes it possible to spot them without much bother.
+    #
+    # Ideally, custom-404s will be identified properly by the
+    # {HTTP::Client::Dynamic404Handler} but this is here to save our ass in case
+    # there's a bug or an unforeseen edge-case or something.
+    #
+    # Also, identified resources should be analyzed by the {Trainer} but there
+    # can be cases where unreliable custom-404 signatures lead to FPs and feeding
+    # FPs to the system can create an infinite loop.
     SIMILARITY_TOLERANCE = 0.25
+    # Remark in case of an untrusted issue.
+    REMARK = 'This issue was logged by a discovery check but ' +
+        'the response for the resource it identified is very similar to responses ' +
+        'for other resources of similar type. This is a strong indication that ' +
+        'the logged issue is a false positive.'
     def initialize( url )
         super url: url
         @initialization_options = url
@@ -86,7 +99,13 @@ class Server < Base
         return false if !full_and_absolute_url?( url )
         if http.dynamic_404_handler.needs_check?( url )
-            http.get( url, performer: self ) do |r|
+            # Don't enable fingerprinting if there's a dynamic handler, we don't
+            # want to keep analyzing non existent resources.
+            #
+            # If a resource does exist though it will be fingerprinted down the
+            # line.
+            http.get( url, performer: self, fingerprint: false ) do |r|
                 if r.code == 200
                     http.dynamic_404_handler._404?( r ) { |bool| block.call( !bool, r ) }
                 else
@@ -118,6 +137,23 @@ class Server < Base
         s << '>'
     end
+    def self.flag_issues_as_untrusted( issue_digests )
+        issue_digests.uniq.each do |digest|
+            next if !Arachni::Data.issues[digest]
+            Arachni::Data.issues[digest].variations.each do |issue|
+                issue.add_remark :meta_analysis, REMARK
+                issue.trusted = false
+            end
+        end
+    end
+    def self.flag_issues_if_untrusted( similarity, issue_digests )
+        return if similarity < SIMILARITY_TOLERANCE
+        flag_issues_as_untrusted( issue_digests )
+    end
     private
     def analyze
@@ -153,10 +189,14 @@ class Server < Base
         # framework custom-404s and get into an infinite loop.
         train = similarity < SIMILARITY_TOLERANCE
+        issue_digests = []
         @candidates.each do |response, block|
-            log response, train, &block
+            issue_digests << log( response, train, &block ).digest
         end
+        return if train
+        self.class.flag_issues_as_untrusted( issue_digests )
     ensure
         @candidates.clear
     end
@@ -164,12 +204,14 @@ class Server < Base
     def log( response, train = true, &block )
         block.call( response ) if block_given?
-        auditor.log_remote_file( response )
+        issue = auditor.log_remote_file( response )
-        return if !train
+        return issue if !train
         # Use the newly identified resource to increase the scan scope.
         auditor.framework.trainer.push( response )
+        issue
     end
 end

data/lib/arachni/element/xml.rb CHANGED

@@ -137,6 +137,7 @@ class XML < Base
         # @return   [XML, nil]
         def from_request( url, request )
             return if !request.body.is_a?( String ) || request.body.empty?
+            return if too_big?( request.body )
             data = parse_inputs( request.body )
             return if data.empty?

data/lib/arachni/ethon/easy.rb CHANGED

@@ -11,9 +11,12 @@ class Easy
 module Callbacks
     def debug_callback
         @debug_callback ||= proc do |handle, type, data, size, udata|
+            # We only care about these so that we can have access to raw
+            # HTTP request traffic for reporting/debugging purposes.
+            next if type != :header_out && type != :data_out
             message = data.read_string( size )
             @debug_info.add type, message
-            # print message unless [:data_in, :data_out].include?(type)
             0
         end
     end

data/lib/arachni/framework/parts/audit.rb CHANGED

@@ -117,25 +117,28 @@ module Audit
         # resulting pages back to the framework.
         perform_browser_analysis( page )
-        # Remove elements which have already passed through here.
-        pre_audit_element_filter( page )
-        # Filter the page through the browser and apply DOM metadata to itself
-        # and its elements in order to allow for audit optimizations down the
-        # line.
-        #
-        # For example, if a DOM element has no associated events, there's no
-        # point in it getting audited.
-        apply_dom_metadata( page )
-        notify_on_effective_page_audit( page )
-        # Run checks which **don't** benefit from fingerprinting first, so that
-        # we can use the responses of their HTTP requests to fingerprint the
-        # webapp platforms, so that the checks which **do** benefit from knowing
-        # the remote platforms can run more efficiently.
-        run_http = run_checks( @checks.without_platforms, page )
-        run_http = true if run_checks( @checks.with_platforms, page )
+        run_http = false
+        if checks.any?
+            # Remove elements which have already passed through here.
+            pre_audit_element_filter( page )
+            notify_on_effective_page_audit( page )
+            # Run checks which **don't** benefit from fingerprinting first, so
+            # that we can use the responses of their HTTP requests to fingerprint
+            # the webapp platforms, so that the checks which **do** benefit from
+            # knowing the remote platforms can run more efficiently.
+            run_http = run_checks( @checks.without_platforms, page )
+            run_http = true if run_checks( @checks.with_platforms, page )
+        end
+        notify_after_page_audit( page )
+        # Makes it easier on the GC but it is important that it be called
+        # **after** all the callbacks have been executed because they may need
+        # access to the cached data and there's no sense in re-parsing.
+        page.clear_cache
         if Arachni::Check::Auditor.has_timeout_candidates?
             print_line
@@ -145,10 +148,6 @@ module Audit
             run_http = true
         end
-        # Makes it easier on the GC.
-        page.clear_cache
-        notify_after_page_audit( page )
         run_http
     end
@@ -207,66 +206,21 @@ module Audit
         @audit_queues_done = false
-        # If for some reason we've got pages in the page queue this early,
-        # consume them and get it over with.
-        audit_page_queue
-        next_page = nil
-        while !suspended? && !page_limit_reached? &&
-            (page = next_page || pop_page_from_url_queue)
-            # Schedule the next page to be grabbed along with the audit requests
-            # for the current page in order to avoid blocking.
-            next_page = nil
-            next_page_call = proc do
-                pop_page_from_url_queue { |p| next_page = p }
-            end
+        while !suspended? && !page_limit_reached? && (page = pop_page)
-            # If we have login capabilities make sure that our session is valid
-            # before grabbing and auditing the next page.
-            if session.can_login?
-                # Schedule the login check to happen along with the audit requests
-                # to prevent blocking and grab the next page as well.
-                session.logged_in? do |bool|
-                    next next_page_call.call if bool
+            session.ensure_logged_in
-                    session.login
-                    next_page_call
-                end
-            else
-                next_page_call.call
-            end
+            replenish_page_queue_from_url_queue
-            # We're counting on piggybacking the next page retrieval with the
+            # We're counting on piggybacking the page queue replenishing on the
             # page audit, however if there wasn't an audit we need to force an
             # HTTP run.
             audit_page( page ) or http.run
-            if next_page && suspend?
-                data.page_queue << next_page
-            end
             handle_signals
-            # Consume pages somehow triggered by the audit and pushed by the
-            # trainer or plugins or whatever.
-            audit_page_queue
         end
-        audit_page_queue
         @audit_queues_done = true
-        true
-    end
-    # Audits the page queue.
-    #
-    # @see #pop_page_from_queue
-    def audit_page_queue
-        while !suspended? && !page_limit_reached? && (page = pop_page_from_queue)
-            audit_page( page )
-            handle_signals
-        end
     end
     def harvest_http_responses
@@ -274,10 +228,6 @@ module Audit
         print_info 'Depending on server responsiveness and network' <<
                        ' conditions this may take a while.'
-        # Run all the queued HTTP requests and harvest the responses.
-        http.run
-        # Needed for some HTTP callbacks.
         http.run
     end
@@ -286,4 +236,3 @@ end
 end
 end
 end